Blocking a range of IPs in CSF?
Hi
Seeking opinions on the advisability of blocking some countries by range on a webserver in the csf deny. The server itself is high-powered with lots of resources.
We are setting up a new server specifically for domestic sites. We have config server installed, and have some tight rules in cphulk as well.
But of course we can see that the logs are filling up with blocks from some of the usual suspects.
We use project honeypot and several of the lfd blocklists already, although the benefits are hard to quantify (one can only hope....).
We were thus thinking to just block some ranges in csf deny, and one question that immediately comes to mind is impact on serving sites, and server resources although as noted this server is well allocated in that respect. Obviously as looking to block foreign ranges such traffic is not an issue for the sites that will be placed on this server.
Just wanted to canvass for opinions and we thank in advance all who respond.
-
Hi, If you need to whitelist or block a range of IP addresses using CSF, it can be done, but you need to use the CIDR format. For example, to block 192.168.0.0 to 192.168.0.255 you would add 192.168.0.0/24 to the blocked list. If you are unsure how to convert a range of IP"s to CIDR, I find the following site helpful. You enter the starting IP, and ending IP, and it will create the CIDR entries for you. IP to CIDR online converter You will likely receive better support on the CSF application from their support forums found at: ConfigServer Community Forum - Index page 0 -
We block thousands of individual IPs and ranges (CIDRs) and even several countries using CC_DENY which adds thousands of more ranges, with virtually 0 impact on resource usage. 0 -
We block thousands of individual IPs and ranges (CIDRs) and even several countries using CC_DENY which adds thousands of more ranges, with virtually 0 impact on resource usage.
This is one of the matters we were concerned about - resource usage. We thought there would be minimal impact but its great to get some third party thoughts and your input is appreciated. The other issue we potentially foresee is site loading time as the deny files are parsed but we will do some a/b testing and if we find anything notable we will advise. You know, we forgot about CC_Deny option in the config serv setting as we have not had past occasion to use it or custom lists at the server level (LF_GLOBAL) as all our servers had a mixed bag of customers (so we did such blocks at the .htaccess level typically, or guided them to use the cpanel options for simple blocks). So this was a great reminder that the option(s) is there and we are feeling a little silly for not remembering it given how many thousands of times we have been through the configserv settings panel.....Hi, If you need to whitelist or block a range of IP addresses using CSF, it can be done, but you need to use the CIDR format. For example, to block 192.168.0.0 to 192.168.0.255 you would add 192.168.0.0/24 to the blocked list. If you are unsure how to convert a range of IP"s to CIDR, I find the following site helpful. You enter the starting IP, and ending IP, and it will create the CIDR entries for you. IP to CIDR online converter You will likely receive better support on the CSF application from their support forums found at: ConfigServer Community Forum - Index page
Thank you for your responses although this info we already knew - its simply that in the past we typically blocked at the website level via .htaccess files and wanted a better global solution. In respect of the ConfServ form we did think about posting at it but thought why not here first as these forums are very active. In the spirit of contributing, for anyone reading some sites we find handy for determining range blocks and other useful info: CIPB - Create Country ACL IP Address Ranges by Country0 -
CSF should be efficient enough to filter the traffics by IP address range. You could give it a try. If you need IP address list by country in multiple firewall formats, you can export it free from Block Visitors by Country | IP2Location Good luck! 0 -
I have the following in my CSF file: 114.119.0.0/16 #Manual Subnet Block CW 16/01/2020. Massive hots from China and Singapore. Look lit bad bots. Yet I have seen visitors: 0 -
Is there a way a bulk IP POP3 or imap will IP's will be allowed? I tried IP like this (for example only) 123.45.0.0/24 # csf.allow then I saw some IP IN csf.deny 123.45.111.222 # lfd: (pop3d) Failed POP3 login from 123.45.111.222 [LIST] - can somebody explain to me why is this happening?
- how can I make this work?
- May I know if my bulk IP allow is correct declared?
0 -
CSF does support CIDR notation, so I would expect that to work well. The csf.deny file could still be processing IPs that are brute forcing the server though, whch would be my guess as to what is happening here especially if you have cPHulk enabled. 0
Please sign in to leave a comment.
Comments
7 comments